Windows 7 in the Enterprise

Executive Summary:Microsoft Windows 7 has many new features such AppLocker, BranchCache, DirectAccess, Jump Lists, Libraries, and Troubleshooting Packs. It also has many enhancements, such as an improved version of User Account Control (UAC), the integration of Windows PowerShell 2.0, and Gadgets that aren't confined to the Sidebar. Learn about Windows 7's new features and enhancements and whether they're compelling enough to entice businesses to upgrade to Windows 7.

Confirming what everyone already knows, a recent study by Forrester showed that only 10 percent of businesses have adopted Windows Vista, calling Vista "the New Coke." That's not entirely surprising considering that Microsoft marketed Vista almost solely to consumers. Microsoft assumed that as people adopted Vista at home they would compel their businesses to adopt Vista as well. However, we all know it didn't turn out that way. Consumers found that they couldn't get drivers to make their devices work and couldn't get many of their old applications to run, which left such a bad taste in their mouth that they weren't about to recommend Vista to anyone. Meanwhile, businesses were put off by the hardware and software costs required for the upgrade. The ROI just wasn't compelling enough to justify the high upgrade cost.

Coming quickly on the tails of Vista, Windows 7 possess an array of new features designed to make it more attractive to enterprise customers. Is Windows 7 the desktop OS that both consumers and businesses have been waiting for? Is it compelling enough to entice businesses to shell out money for a desktop upgrade in these tight economic times? I'll tackle these questions and more as I take you on a guided tour of Microsoft's new Windows 7 release.

Windows 7 vs. Vista

The first thing to understand about Windows 7 is that it essentially is the next version of Vista. Windows 7 isn't something entirely new and different. Rather, the core Windows 7 OS is a direct descendant of Vista. All the main Vista features—such as the Aero UI, User Account Control (UAC), the revamped Windows Explorer, IPv6, and Windows BitLocker Drive Encryption—are carried over to Windows 7. Arguably, Windows 7 could be thought of as Vista R2. Like you might expect with an R2 release, Microsoft has addressed a lot of the problems present in the initial Vista release. Windows 7 offers better performance, fewer UAC hassles, and improved application compatibility. In addition, Windows 7 has a simpler set of editions than Vista. (For more information about the Windows 7 editions, see the web-exclusive article "Windows 7 Editions".)

Early Experiences

New OSs always excite me, so I was eager to toss Vista out and give Windows 7 a try. Truthfully, my early experience with Windows 7 has been a mixed bag. On the positive side, I found Windows 7 to be noticeably quicker than Vista on the same hardware, which for my system means it performed roughly equivalent to XP. I did much of my early testing on an older desktop system, which previously ran XP Professional x64, then Vista x64. This system has a 2.5GHz CPU and 1.5GB of RAM. This system ran well under XP, was ponderous under Vista, and was quick again under Windows 7.

On the negative side, I ran into unexpected driver problems. Surprisingly, several of the x64 drivers for my NVIDIA nForce3 motherboard that worked on Vista didn't work on Windows 7. In all fairness, this hardware is a generation old but that doesn't bode well for customers who might be considering using Windows 7 on existing XP systems that run on hardware from the same generation.

Overall, I liked Windows 7 way better than Vista. But is Windows 7 good enough to entice XP users to upgrade? Let's dive in and take a closer look at some of the main features in Windows 7.

New Desktop and Start Menu

While some skeptics say that UI enhancements are just eye candy, it's not that simple. The UI makes or breaks the OS. XP's UI enhancements made it the corporate standard for years. Conversely, Vista's Aero hardware requirements hindered its adoption. UI improvements can also affect productivity—big changes can cause a steep learning curve. The Windows 7 UI provides many benefits over the UI in XP and Vista.

The Windows 7 Start menu is a lot like the Vista Start menu. However, one really nice change is that the shutdown and power off options have been simplified. While it can be customized, Shut Down is the default option. Clicking the arrow on the right displays the Switch User, Log Off, Lock Restart, and Sleep options. The eye candy is that the Start button shines when you move your mouse over it.

Another really nice change in the Windows 7 desktop is its support for Gadgets. Vista requires that all Gadgets run in the Sidebar. However, the Sidebar took away an annoying amount of screen real estate. With Windows 7 the Sidebar isn't gone but you're no longer forced to put all your Gadgets in it. Gadgets can run directly on the desktop, so you can move them where ever you like.

AeroSnap is also a cool desktop feature. When you drag a window to the left edge of your display and another window to the right edge, AeroSnap automatically aligns and resizes the windows so that they each fill half the screen. This feature is handy for comparing documents and directories.

New Taskbar and Jump Lists

Windows 7's new taskbar features enlarged icons with no text on a translucent surface. One huge distinction between the Windows 7 and Vista taskbars is that the Windows 7 taskbar includes both running and nonrunning applications. You can pin an item to the Windows 7 taskbar making it a convenient application launch pad.

By default the Windows 7 taskbar includes icons for Internet Explorer (IE) 8.0, Windows Explorer, and Windows Media Player (WMP). Hovering your mouse over a closed application's icon provides the application's description in a tool tip. Clicking that icon launches the application. When an application is running, the icon gets a subtle border. When you hover the mouse over a running application's icon, a group of thumbnail images representing each open instance of that application appears, as Figure 1 shows. (Figure 1 also shows floating gadgets.) If you then move the mouse over one of those thumbnail images, that instance of the application is displayed on the desktop, even if it's minimized.

Another new feature in the taskbar is Jump Lists. Right-clicking a taskbar icon displays a list of the recently used documents.

Figure 1: The Windows 7 UI

Libraries

Windows Explorer in Windows 7 is very similar to the one in Vista. However, a notable new feature is the inclusion of Libraries. Libraries provide a new way to organize files. A Library is essentially a metafolder—a high level of folder. Unlike standard folders, Libraries can incorporate files from multiple folders. Each Library can contain files from as many folders as you want. Like folders, Libraries can be shared. Windows 7 ships with four Libraries: Documents, Music, Pictures, and Video. Each Library is optimized for its respective data type, which basically means the columns displayed in Windows Explorer are appropriate for the type of data. For instance, the Music Library displays the Name, #, Title, and Contributing artist columns, whereas the Documents Library displays the Name, Date modified, Type, and Size columns. You can also create your own custom Libraries. I was never a fan of the My Documents, My Pictures, My Music organization; I found Windows 7 Libraries to be a much more flexible and useful organizational tool. You can see the new Windows 7 Libraries in Figure 2.

Figure 2: Windows 7 Libraries

The Windows 7 UI represents an evolutionary jump beyond the Vista UI and makes the XP UI seem Spartan and dated. Windows 7 is Microsoft's best UI to date. Period.

PowerShell 2.0

Windows 7 has a lot of additional enhancements beyond the new UI enhancements. For improved manageability, Windows 7 includes the new PowerShell 2.0 release. Windows 7 is the first Windows desktop OS to include PowerShell as a part of the OS. PowerShell 2.0 is 100 percent compatible with PowerShell 1.0. Some of the new PowerShell 2.0 features include support for running scripts on remote systems, improved Windows Management Instrumentation (WMI) cmdlets, and support for creating ScriptCmdlets and running background jobs.

The best feature of PowerShell 2.0 is the new Integrated Scripting Environment (ISE). The ISE is a multi-tabbed graphical PowerShell development platform. It features color-coded syntax and debugging capabilities that let you set breakpoints and single-step through scripts.

The ISE has three panes. You use the Script Pane to write, edit, and debug PowerShell scripts. The Command Pane is where you execute PowerShell commands and scripts. The Output Pane displays the results of those commands and scripts.

Troubleshooting Packs

Building on its PowerShell integration, Windows 7 delivers a comprehensive troubleshooting platform consisting of a set of Troubleshooting Packs, which are essentially PowerShell scripts that identify and resolve problems. You access and run the Troubleshooting Packs through the Control Panel Troubleshooting applet. Windows 7 ships with 20 built-in Troubleshooting Packs. For example, the Audio Playback Troubleshooting Pack diagnoses problems with the system's sound configuration and audio driver. You can also create your own Troubleshooting Packs.

BranchCache and DirectAccess

Windows 7 has a number of new enterprise-oriented network enhancements. Two of the new features, BranchCache and DirectAccess, work in conjunction with Windows Server 2008 R2. When BranchCache is enabled, remote users' requests for files stored on a Server 2008 R2 machine are routed to locally cached copies of the files. This local caching can significantly improve file-access performance. Server 2008 R2 tracks file changes and makes sure that all clients access the most current files. BranchCache supports Server Message Block (SMB), HTTP, and HTTP Secure (HTTPS) file access. Remote users don't need to be on the same subnet.

BranchCache works in two modes:

Distributed Cache. In this mode, the cached files are kept on other networked client computers, so a local server isn't required. It uses WS-Discovery to query networked clients for local files. This mode is good for a limited number of remote users.

BranchCache. In this mode, the cached files are stored on a dedicated local BranchCache server. This mode is better for 100 or more remote users.

DirectAccess provides an alternative to VPNs for remote access. DirectAccess enables organizations to provide secure remote connectivity for mobile workers without the use of key fobs or SecurID tokens. To use this feature, you need a DirectAccess server running Server 2008 R2. The server must have two network cards—one for Internet traffic and one for internal connectivity. In addition, DirectAccess requires IPsec and IPv6. DirectAccess can work together with Server 2008 Network Access Protection (NAP) to ensure that only secured clients with the required patching levels and malware protection are allowed to access network resources.

UAC

One of the best improvements to Windows 7 is UAC. Widely reviled in Vista, UAC was a great example of a good idea gone wrong. UAC's overly enthusiastic prompting caused many users (myself included) to disable UAC entirely. However, disabling UAC also removes the protection it affords. When UAC is disabled, Protected Mode IE is disabled because UAC is the protection for the Win32 directory as well as file and registry virtualization. UAC in Windows 7 is a much more livable experience. Prompting is much less frequent and the level of prompting is configurable using the dialog box shown in Figure 3.

Figure 3: The UAC dialog box in Windows 7

AppLocker

UAC is one tool you can use to secure a desktop but it's not only one. AppLocker lets you create policies that explicitly control the applications and executables (e.g., .exe files, scripts, DLLs) that can be installed or run on a desktop. Its allow rules limit the execution of applications to whitelisted applications, blocking all others. Its deny rules permit the execution of all applications, except those that are blacklisted. AppLocker lets you create allow or deny exceptions for specific applications. It uses digital signatures to identify applications and executables, which gives you granular control down to the version level. For instance, you can set up AppLocker to allow only Adobe Reader 10.0 or later to be executed. AppLocker rules can be applied to specific users or groups in an organization. AppLocker, which only comes with Windows 7 Enterprise Edition, can be managed across the enterprise with Group Policy.

BitLocker and BitLocker ToGo

Introduced with Vista, BitLocker is a great security technology for laptops and other unsecured physical systems. It lets you encrypt your hard drives, thereby securing your data in case your laptop is stolen or lost. Using BitLocker is easier in Windows 7. You no longer have to perform the manual drive partitioning that Vista requires. Windows 7 BitLocker automatically creates and hides a 200MB partition on your boot drive. You can enable BitLocker by simply right-clicking your drive in Computer and selecting Turn on BitLocker from the context menu.

Windows 7 extends BitLocker's drive encryption capability to USB flash drives using a new feature called BitLocker ToGo. To access the contents of USB drives encrypted with BitLocker ToGo, you need to supply a password or pin. Just think about how many of these USB drives you have (and how many you've lost) and you'll know what an important technology this is.

Like AppLocker, BitLocker and BitLocker ToGo are only in Windows 7 Enterprise Edition. Although this edition is required to encrypt USB drives, lower editions can read and write data to encrypted USB drives if authorized credentials are provided. Down-level clients such as Vista can read from the drives if the proper credentials are supplied, but they can't write to them.

IE 8.0

Windows 7 includes IE 8.0. After using IE 8.0 for a little while, I got hooked. I never liked IE 7.0, mainly because I found it excruciatingly slow. There's a lot to like in IE 8.0. It's fast, which provides concrete evidence of how competition from third-party vendors can result in improved Microsoft products. IE 8.0 features tabbed browsing, Web Slices for tracking favorite web content, InPrivate Browsing for anonymous web browsing, Accelerators for browsing shortcuts, and SmartScreen filters that block suspected malware and flag phishing sites with a red warning screen. There also lots of little improvements such as the ability to size your address and search bars and easy access to recently closed tabs. Unlike Firefox and Google Chrome, IE 8.0 can be managed using Group Policy. Although some people have reported site incompatibilities, I haven't run into any problems in accessing sites.

Even More…

Feature-wise Windows 7 is a major release, and there are more features than I can cover here. Some of the other important features in Windows 7 include:

Action Center. The new Action Center provides a central place to view and respond to system alerts.

Problem Step Recorder. This feature lets end users record a series of screen shots to document a problem.

Windows Recovery Environment. Windows RE, which is installed by default, is used to recover from system failures.

Boot from VHD. In Windows 7, you can mount a Virtual Hard Disk (VHD) just like a drive and can even boot from it. Each VHD is like a hard drive with a primary partition. Boot from VHD is useful for setting up multi-boot environments.

Mobile Broadband. Windows 7 includes enhanced Mobile Broadband support. It now supports plug and play (PnP) for 3G cards and third-party connection managers.

Location-aware printing. Location-aware printing enables laptops to select the best configured printer based on the system's location.

Lucky Number 7

Apart from some minor driver problems, my experiences with Windows 7 have been very positive. Windows 7 fixes many of the problems that plagued Vista. Most important, Windows 7 restores a level of performance that makes your initial experience with the new OS a good one.

If you're using XP and you're already considering a desktop upgrade, I recommend bypassing Vista and jumping straight to Windows 7, even though there's no in-place upgrade from XP to Windows 7. You'll have the best experience installing Windows 7 on new hardware. Windows 7 is everything Vista should have been. Windows 7 essentially obsoletes Vista.

If you're using XP and you want to wait a while before you upgrade, the timing of that upgrade will probably be driven by your hardware replacement cycle. The old applications and hardware devices already installed on your XP systems will likely face compatibility problems with Windows 7. Therefore, rolling out Windows 7 when you need to get new hardware makes the most sense.

If you've already upgraded to Vista, it'll probably be difficult to make a case to upgrade to Windows 7. Windows 7 is the superior OS and the upgrade path from Vista to Windows 7 is an easy one, but if you've already made the leap to Vista, you've already overcome the migration hurdles and it's too soon for most companies to undertake another upgrade cycle. Organizations currently using Vista will probably be incorporating Windows 7 primarily as new machines are purchased.

Windows 7 delivers an excellent desktop experience. Its UI is much richer than XP's UI. The usability and performance is much better in Windows 7 than in Vista. For enterprise customers, features such as BitLocker, BitLocker ToGo, PowerShell 2.0, Troubleshooting Packs, Problem Step Recorder and Windows RE make Windows 7 Microsoft's best desktop OS to date.